14 DAY TRIAL // On Wednesday, the jQuery Foundation confirmed that jquery.com had been the target of a cyber-attack, but said that the incident did not affect the code of the JavaScript library, as it was intended to only deface the website.
The team received alerts from multiple sources, and following its own investigation, it reached the conclusion that the website was compromised by an unknown party that did not inject any malicious code.
Separate events possibly using the same attack vector
In a previous report, RiskIQ security firm alerted that on September 18 jquery.com was injected with an invisible iframe that would redirect users to a website serving the RIG exploit kit.
The jQuery team believes that the two incidents are not related, but they do not exclude the possibility that the same attack vector was used in both cases.
The September 18 incident reported by RiskIQ was not confirmed by jQuery, as the team found no evidence of malicious redirect code on the website and did not receive any alerts as they would usually get in such cases via different communication channels like Twitter or IRC.
The verification of the security company revealed that the malicious redirect was to a domain hosted in Russia.
jQuery takes steps to restore security of their infrastructure
The developer confirmed that as far as the latest incident is concerned, users were at no time in danger of receiving malware from their sites, as the code of the libraries remained unaltered.
“At no point today have there been reports of malware being distributed from any of our sites, nor has the code of any jQuery libraries on our website or CDN been affected or modified today or during last week’s reported attack,” Ralph Whitbeck says in a blog post.
However, some vulnerabilities were detected and the team proceeded to address them, as well as to upgrade dependencies and increase the security of their servers.
To make sure that users do not run the risk of being redirected to malicious locations or to download modified copies of the libraries, the jQuery team decided to move the main website to a new server that runs only code that has been verified and is trusted.
“We have moved http://jquery.com to a new server only running code we trust and are continuing to monitor the situation closely,” a tweet from the developer informs.
They also stress the fact that the official domain for hosting files from their CDN (content delivery network) is “code.jquery.com.”
We have moved http://t.co/cRhQV2AqTL to a new server only running code we trust and are continuing to monitor the situation closely.
— jQuery (@jquery) September 24, 2014